TEKIMAX
diff --git a/‎CHANGELOG.md‎
Lines changed: 41 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 2 additions & 2 deletions b/‎README.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎commands/install-rules.md‎
Lines changed: 68 additions & 54 deletions b/‎commands/install-rules.md‎
Lines changed: 68 additions & 54 deletions
diff --git a/‎extension.yml‎
Lines changed: 1 addition & 1 deletion b/‎extension.yml‎
Lines changed: 1 addition & 1 deletion
@@ -3,6 +3,47 @@
 All notable changes to `tekimax-security` will be documented here.
 Format: [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) · SemVer.
 
+## [0.2.2] — 2026-04-13
+
+### Changed
+
+- **`install-rules` command** now writes to three targets instead of
+  one, so the rules are binding on the AI agent at runtime instead
+  of sitting in a docs file the agent may never read:
+  1. `docs/DEVELOPMENT-RULES.md` — full human-readable reference
+     (unchanged behavior, existing files backed up with timestamp)
+  2. `.specify/memory/constitution.md` — spec-kit constitution, read
+     by every spec-kit-aware agent at session start. Appends a
+     `## Development Rules` section with the 8 key principles and
+     a pointer to the full doc. Safe to re-run — skips if the
+     section already exists unless `--force` is passed.
+  3. Agent-specific context file — detected from
+     `.specify/init-options.json` and mapped per agent:
+     - `claude` → `CLAUDE.md`
+     - `copilot` → `.github/copilot-instructions.md`
+     - `gemini` → `GEMINI.md`
+     - `cursor` / `cursor-agent` → `.cursorrules`
+     - `windsurf` → `.windsurfrules`
+     - everything else → `AGENTS.md` (the emerging cross-agent convention)
+
+- **New helper script** `scripts/bash/install-rules.sh` performs the
+  three-target writes atomically. Detects the project name from
+  `.specify/init-options.json` or the current directory name.
+  Accepts `--docs`, `--project-name`, and `--force` flags. Prints a
+  summary box showing which files were created, appended, or skipped.
+
+### Added
+
+- **Three new tests** under `tests/install-rules/`:
+  - `writes-three-targets.sh` — claude agent, verifies all three
+    files are written and project name is substituted into the docs
+  - `agent-fallback.sh` — unknown/generic agent, verifies fallback to
+    `AGENTS.md` and constitution creation from scratch
+  - `idempotent-append.sh` — running twice doesn't duplicate the
+    `## Development Rules` section in the constitution or agent file
+
+Test suite is now 8 tests (was 5). All pass.
+
 ## [0.2.1] — 2026-04-13
 
 ### Added
 
@@ -10,7 +10,7 @@
 
 [![Spec Kit Extension](https://img.shields.io/badge/spec--kit-extension-7c3aed)](https://github.com/github/spec-kit)
 [![License](https://img.shields.io/badge/license-Apache--2.0-blue)](LICENSE)
-[![Version](https://img.shields.io/badge/version-0.2.1-green)](CHANGELOG.md)
+[![Version](https://img.shields.io/badge/version-0.2.2-green)](CHANGELOG.md)
 [![Status](https://img.shields.io/badge/status-alpha-orange)]()
 [![Made by TEKIMAX](https://img.shields.io/badge/made%20by-TEKIMAX-fbbf24)](https://tekimax.com)
 
@@ -64,7 +64,7 @@ specify extension add --dev /path/to/speckit-security
 
 # 3. Verify
 specify extension list
-# → ✓ TEKIMAX Secure SDD (v0.2.1)
+# → ✓ TEKIMAX Secure SDD (v0.2.2)
 #       Security-first extension for Spec Kit
 #       Commands: 8 | Hooks: 5 | Status: Enabled
 ```
 
@@ -1,83 +1,97 @@
 ---
-description: "Install a DEVELOPMENT-RULES.md into the user's project with commit, file-structure, code-org, naming, docs, and test rules"
+description: "Install development rules into the project — writes docs/DEVELOPMENT-RULES.md, appends to .specify/memory/constitution.md, and writes the agent-specific context file"
+scripts:
+  sh: .specify/extensions/tekimax-security/scripts/bash/install-rules.sh
 ---
 
 # Install Development Rules
 
-Copy the `speckit-security` development rules template into the user's
-project so their team inherits the same discipline: clean commit
-messages, hooks-in-hooks-directory, DRY, helper extraction, file length
-limits, naming conventions, inline documentation for intent, and
-incremental unit test requirements.
+Install the speckit-security development discipline into the user's
+project so both humans and the active AI agent inherit it. The rules
+cover commit messages, file structure, DRY, helper extraction, file
+length, naming, inline documentation, unit test requirements, and the
+review checklist.
 
 ## User Input
 
 $ARGUMENTS
 
 ## Context
 
-The rules are opinionated but stack-agnostic and have been battle-tested
-on this extension's own codebase. The goal is to raise the baseline
-engineering discipline of any project adopting `speckit-security`
-without forcing them to invent conventions from scratch.
+Writing the rules to a single `docs/` file is not enough — the AI
+agent only reads files it's explicitly directed to. To make the rules
+*binding* at runtime, they also need to land in the spec-kit
+constitution (which every spec-kit-aware agent reads at session start)
+and in the agent's native system-context file.
+
+This command delegates to a bash helper that handles all three writes
+atomically, detects the active agent from `.specify/init-options.json`,
+and safely appends to existing files without clobbering them.
 
 ## Steps
 
-1. **Locate the project root** — the directory containing `.specify/`.
+1. Run the installer script:
 
-2. **Determine the target path** — default is `docs/DEVELOPMENT-RULES.md`
-   at the project root. If the user passed a path in `$ARGUMENTS`, use
-   that instead.
+   ```bash
+   bash {SCRIPT}
+   ```
 
-3. **Check for an existing file at the target path.** If one exists:
-   - **Do not overwrite silently.** Back it up to
-     `<target>.backup-<date>.md` and note the backup path.
-   - Or exit and ask the user to confirm overwrite.
+   Optional arguments:
+   - `--docs <path>` — override the default `docs/DEVELOPMENT-RULES.md` target
+   - `--project-name <name>` — override project name detection
+   - `--force` — replace an existing `## Development Rules` section
+     in the constitution or agent context file instead of skipping it
 
-4. **Read the template** from
-   `.specify/extensions/tekimax-security/templates/development-rules.md`.
+2. The script performs three writes:
 
-5. **Substitute variables** in the template:
-   - `{{PROJECT_NAME}}` → the project name from `.specify/init-options.json`
-     or the directory name if the JSON isn't present.
+   **Target 1 — `docs/DEVELOPMENT-RULES.md`**
 
-6. **Write the rendered file** to the target path. Create the `docs/`
-   directory if it doesn't exist.
+   Full human-readable rules. Template is copied from
+   `.specify/extensions/tekimax-security/templates/development-rules.md`
+   with `{{PROJECT_NAME}}` substituted. Existing files are backed up
+   with a timestamped suffix before being overwritten.
 
-7. **Update the project's `CONTRIBUTING.md` if present** to add a
-   reference:
+   **Target 2 — `.specify/memory/constitution.md`**
 
-   ```markdown
-   ## Development Rules
+   Spec-kit's project constitution. Every spec-kit-aware agent reads
+   this at session start, so rules written here bind every agent the
+   user interacts with. The script appends a `## Development Rules`
+   section with the key principles (short form) and a pointer to the
+   full doc. If the section already exists, the script skips it
+   unless `--force` was passed.
 
-   See [docs/DEVELOPMENT-RULES.md](docs/DEVELOPMENT-RULES.md) for the
-   full development discipline — commit messages, file structure,
-   code organization, naming, documentation, and unit test rules.
-   ```
+   **Target 3 — Agent-specific context file**
 
-   If no `CONTRIBUTING.md` exists, skip this step and note it in the
-   output.
+   The agent is detected from `.specify/init-options.json` (`ai`
+   field). The script maps the agent to its native context file:
 
-8. **Print a summary** of what was installed:
+   | Agent | File |
+   |---|---|
+   | `claude` | `CLAUDE.md` |
+   | `copilot` | `.github/copilot-instructions.md` |
+   | `gemini` | `GEMINI.md` |
+   | `cursor` / `cursor-agent` | `.cursorrules` |
+   | `windsurf` | `.windsurfrules` |
+   | `opencode`, `codex`, `kiro-cli`, and everything else | `AGENTS.md` |
 
-   ```
-   ✓ Installed DEVELOPMENT-RULES.md at docs/DEVELOPMENT-RULES.md
-   ✓ Added reference in CONTRIBUTING.md
-
-   Next steps:
-     1. Review the rules and customize §5 (naming) for your language
-     2. Remove any sections that don't apply (e.g. bash-specific rules
-        for a TypeScript project)
-     3. Commit the file
-     4. Link it from your CONTRIBUTING.md if you don't already
-   ```
+   The same short-form rules section is appended to the detected
+   context file. Same safety rules as the constitution: skip if
+   section exists, unless `--force`.
+
+3. The script prints a summary box with the three target paths and
+   whether each was created, appended, or skipped.
+
+4. If the user wants to review before committing, they can diff the
+   three files against the backups or against their git index.
 
 ## Rules
 
-- **Never overwrite an existing file without backing it up.**
-- **Never modify files outside the project root.**
-- **Leave a visible note** in the installed file indicating which
-  command installed it and that it can be freely customized.
-- The installed rules are **a starting point**, not a straitjacket.
-  Teams are expected to adapt them to their language, framework, and
-  conventions.
+- **Never silently overwrite.** The full `docs/DEVELOPMENT-RULES.md`
+  is backed up before replacement; the constitution and agent context
+  files are append-only unless `--force` is passed.
+- **Never modify files outside the project root.** The script uses
+  relative paths and refuses to write to absolute paths.
+- **Detect the agent correctly.** If `.specify/init-options.json` is
+  missing or malformed, default to `generic` + `AGENTS.md`.
+- **Print what changed.** The summary box is the contract — every run
+  tells the user exactly which files were touched.
@@ -3,7 +3,7 @@ schema_version: "1.0"
 extension:
   id: "tekimax-security"
   name: "TEKIMAX Secure SDD"
-  version: "0.2.1"
+  version: "0.2.2"
   description: "Security-first extension for Spec Kit — threat modeling, red teaming, AI guardrails, data contracts, and model governance gates."
   author: "Christian Kaman (TEKIMAX) <support@tekimax.com>"
   repository: "https://github.com/TEKIMAX/speckit-security"